// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium


// This file was autogenerated by go-to-protobuf. Do not edit it manually!

syntax = "proto2";

package github.com.cilium.cilium.pkg.k8s.slim.k8s.api.core.v1;

import "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1";

// ClientIPConfig represents the configurations of Client IP based session affinity.
message ClientIPConfig {
  // timeoutSeconds specifies the seconds of ClientIP type session sticky time.
  // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
  // Default value is 10800(for 3 hours).
  // +optional
  optional int32 timeoutSeconds = 1;
}

// A single application container that you want to run within a pod.
message Container {
  // Name of the container specified as a DNS_LABEL.
  // Each container in a pod must have a unique name (DNS_LABEL).
  // Cannot be updated.
  optional string name = 1;

  // Container image name.
  // More info: https://kubernetes.io/docs/concepts/containers/images
  // This field is optional to allow higher level config management to default or override
  // container images in workload controllers like Deployments and StatefulSets.
  // +optional
  optional string image = 2;

  // List of ports to expose from the container. Not specifying a port here
  // DOES NOT prevent that port from being exposed. Any port which is
  // listening on the default "0.0.0.0" address inside a container will be
  // accessible from the network.
  // Modifying this array with strategic merge patch may corrupt the data.
  // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
  // Cannot be updated.
  // +optional
  // +patchMergeKey=containerPort
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=containerPort
  // +listMapKey=protocol
  repeated ContainerPort ports = 6;

  // Pod volumes to mount into the container's filesystem.
  // Cannot be updated.
  // +optional
  // +patchMergeKey=mountPath
  // +patchStrategy=merge
  repeated VolumeMount volumeMounts = 9;
}

// ContainerPort represents a network port in a single container.
message ContainerPort {
  // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
  // named port in a pod must have a unique name. Name for the port that can be
  // referred to by services.
  // +optional
  optional string name = 1;

  // Number of port to expose on the host.
  // If specified, this must be a valid port number, 0 < x < 65536.
  // If HostNetwork is specified, this must match ContainerPort.
  // Most containers do not need this.
  // +optional
  optional int32 hostPort = 2;

  // Number of port to expose on the pod's IP address.
  // This must be a valid port number, 0 < x < 65536.
  optional int32 containerPort = 3;

  // Protocol for port. Must be UDP, TCP, or SCTP.
  // Defaults to "TCP".
  // +optional
  // +default="TCP"
  optional string protocol = 4;

  // What host IP to bind the external port to.
  // +optional
  optional string hostIP = 5;
}

// ContainerState holds a possible state of container.
// Only one of its members may be specified.
// If none of them is specified, the default one is ContainerStateWaiting.
message ContainerState {
  // Details about a running container
  // +optional
  optional ContainerStateRunning running = 2;
}

// ContainerStateRunning is a running state of a container.
message ContainerStateRunning {
  // Time at which the container was last (re-)started
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Time startedAt = 1;
}

// ContainerStatus contains details for the current status of this container.
message ContainerStatus {
  // State holds details about the container's current condition.
  // +optional
  optional ContainerState state = 2;

  // ContainerID is the ID of the container in the format '<type>://<container_id>'.
  // Where type is a container runtime identifier, returned from Version call of CRI API
  // (for example "containerd").
  // +optional
  optional string containerID = 8;
}

// EndpointAddress is a tuple that describes single IP address.
// +structType=atomic
message EndpointAddress {
  // The IP of this endpoint.
  // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
  // or link-local multicast (224.0.0.0/24 or ff02::/16).
  optional string ip = 1;

  // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
  // +optional
  optional string nodeName = 4;
}

// EndpointPort is a tuple that describes a single port.
// +structType=atomic
message EndpointPort {
  // The name of this port.  This must match the 'name' field in the
  // corresponding ServicePort.
  // Must be a DNS_LABEL.
  // Optional only if one port is defined.
  // +optional
  optional string name = 1;

  // The port number of the endpoint.
  optional int32 port = 2;

  // The IP protocol for this port.
  // Must be UDP, TCP, or SCTP.
  // Default is TCP.
  // +optional
  optional string protocol = 3;
}

// EndpointSubset is a group of addresses with a common set of ports. The
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
// For example, given:
//
// 	{
// 	  Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
// 	  Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
// 	}
//
// The resulting set of endpoints can be viewed as:
//
// 	a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
// 	b: [ 10.10.1.1:309, 10.10.2.2:309 ]
message EndpointSubset {
  // IP addresses which offer the related ports that are marked as ready. These endpoints
  // should be considered safe for load balancers and clients to utilize.
  // +optional
  repeated EndpointAddress addresses = 1;

  // Port numbers available on the related IP addresses.
  // +optional
  repeated EndpointPort ports = 3;
}

// Endpoints is a collection of endpoints that implement the actual service. Example:
//
// 	 Name: "mysvc",
// 	 Subsets: [
// 	   {
// 	     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
// 	     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
// 	   },
// 	   {
// 	     Addresses: [{"ip": "10.10.3.3"}],
// 	     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
// 	   },
// 	]
message Endpoints {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;

  // The set of all endpoints is the union of all subsets. Addresses are placed into
  // subsets according to the IPs they share. A single address with multiple ports,
  // some of which are ready and some of which are not (because they come from
  // different containers) will result in the address being displayed in different
  // subsets for the different ports. No address will appear in both Addresses and
  // NotReadyAddresses in the same subset.
  // Sets of addresses and ports that comprise a service.
  // +optional
  repeated EndpointSubset subsets = 2;
}

// EndpointsList is a list of endpoints.
message EndpointsList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // List of endpoints.
  repeated Endpoints items = 2;
}

// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
message LoadBalancerIngress {
  // IP is set for load-balancer ingress points that are IP based
  // (typically GCE or OpenStack load-balancers)
  // +optional
  optional string ip = 1;

  // Hostname is set for load-balancer ingress points that are DNS based
  // (typically AWS load-balancers)
  // +optional
  optional string hostname = 2;

  // IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
  // Setting this to "VIP" indicates that traffic is delivered to the node with
  // the destination set to the load-balancer's IP and port.
  // Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
  // the destination set to the node's IP and node port or the pod's IP and port.
  // Service implementations may use this information to adjust traffic routing.
  // +optional
  optional string ipMode = 3;

  // Ports is a list of records of service ports
  // If used, every port defined in the service should have an entry in it
  // +listType=atomic
  // +optional
  repeated PortStatus ports = 4;
}

// LoadBalancerStatus represents the status of a load-balancer.
message LoadBalancerStatus {
  // Ingress is a list containing ingress points for the load-balancer.
  // Traffic intended for the service should be sent to these ingress points.
  // +optional
  repeated LoadBalancerIngress ingress = 1;
}

// Namespace provides a scope for Names.
// Use of multiple namespaces is optional.
message Namespace {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;
}

// NamespaceList is a list of Namespaces.
message NamespaceList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of Namespace objects in the list.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
  repeated Namespace items = 2;
}

// Node is a worker node in Kubernetes.
// Each node will have a unique identifier in the cache (i.e. in etcd).
message Node {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the behavior of a node.
  // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NodeSpec spec = 2;

  // Most recently observed status of the node.
  // Populated by the system.
  // Read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NodeStatus status = 3;
}

// NodeAddress contains information for the node's address.
message NodeAddress {
  // Node address type, one of Hostname, ExternalIP or InternalIP.
  optional string type = 1;

  // The node address.
  optional string address = 2;
}

// NodeCondition contains condition information for a node.
message NodeCondition {
  // Type of node condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // (brief) reason for the condition's last transition.
  // +optional
  optional string reason = 5;
}

// NodeList is the whole list of all Nodes which have been registered with master.
message NodeList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // List of nodes
  repeated Node items = 2;
}

// NodeSpec describes the attributes that a node is created with.
message NodeSpec {
  // PodCIDR represents the pod IP range assigned to the node.
  // +optional
  optional string podCIDR = 1;

  // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this
  // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for
  // each of IPv4 and IPv6.
  // +optional
  // +patchStrategy=merge
  repeated string podCIDRs = 7;

  // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
  // +optional
  optional string providerID = 3;

  // If specified, the node's taints.
  // +optional
  repeated Taint taints = 5;
}

// NodeStatus is information about the current status of a node.
message NodeStatus {
  // Conditions is an array of current observed node conditions.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  repeated NodeCondition conditions = 4;

  // List of addresses reachable to the node.
  // Queried from cloud provider, if available.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses
  // Note: This field is declared as mergeable, but the merge key is not sufficiently
  // unique, which can cause data corruption when it is merged. Callers should instead
  // use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
  // Consumers should assume that addresses can change during the
  // lifetime of a Node. However, there are some exceptions where this may not
  // be possible, such as Pods that inherit a Node's address in its own status or
  // consumers of the downward API (status.hostIP).
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  repeated NodeAddress addresses = 5;
}

// Pod is a collection of containers that can run on a host. This resource is created
// by clients and scheduled onto hosts.
message Pod {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;

  // Specification of the desired behavior of the pod.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodSpec spec = 2;

  // Most recently observed status of the pod.
  // This data may not be up to date.
  // Populated by the system.
  // Read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodStatus status = 3;
}

// PodCondition contains details for the current condition of this pod.
message PodCondition {
  // Type is the type of the condition.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  optional string type = 1;

  // Status is the status of the condition.
  // Can be True, False, Unknown.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  optional string status = 2;

  // Last time we probed the condition.
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Time lastProbeTime = 3;

  // Last time the condition transitioned from one status to another.
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Time lastTransitionTime = 4;

  // Unique, one-word, CamelCase reason for the condition's last transition.
  // +optional
  optional string reason = 5;

  // Human-readable message indicating details about last transition.
  // +optional
  optional string message = 6;
}

// PodIP represents a single IP address allocated to the pod.
message PodIP {
  // IP is the IP address assigned to the pod
  optional string ip = 1;
}

// PodList is a list of Pods.
message PodList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // List of pods.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
  repeated Pod items = 2;
}

// PodSpec is a description of a pod.
message PodSpec {
  // List of initialization containers belonging to the pod.
  // Init containers are executed in order prior to containers being started. If any
  // init container fails, the pod is considered to have failed and is handled according
  // to its restartPolicy. The name for an init container or normal container must be
  // unique among all containers.
  // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
  // The resourceRequirements of an init container are taken into account during scheduling
  // by finding the highest request/limit for each resource type, and then using the max of
  // of that value or the sum of the normal containers. Limits are applied to init containers
  // in a similar fashion.
  // Init containers cannot currently be added or removed.
  // Cannot be updated.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  // +patchMergeKey=name
  // +patchStrategy=merge
  repeated Container initContainers = 20;

  // List of containers belonging to the pod.
  // Containers cannot currently be added or removed.
  // There must be at least one container in a Pod.
  // Cannot be updated.
  // +patchMergeKey=name
  // +patchStrategy=merge
  repeated Container containers = 2;

  // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
  // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  // +optional
  optional string serviceAccountName = 8;

  // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
  // the scheduler simply schedules this pod onto that node, assuming that it fits resource
  // requirements.
  // +optional
  optional string nodeName = 10;

  // Host networking requested for this pod. Use the host's network namespace.
  // If this option is set, the ports that will be used must be specified.
  // Default to false.
  // +k8s:conversion-gen=false
  // +optional
  optional bool hostNetwork = 11;
}

// PodStatus represents information about the status of a pod. Status may trail the actual
// state of a system, especially if the node that hosts the pod cannot contact the control
// plane.
message PodStatus {
  // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
  // The conditions array, the reason and message fields, and the individual container status
  // arrays contain more detail about the pod's status.
  // There are five possible phase values:
  //
  // Pending: The pod has been accepted by the Kubernetes system, but one or more of the
  // container images has not been created. This includes time before being scheduled as
  // well as time spent downloading images over the network, which could take a while.
  // Running: The pod has been bound to a node, and all of the containers have been created.
  // At least one container is still running, or is in the process of starting or restarting.
  // Succeeded: All containers in the pod have terminated in success, and will not be restarted.
  // Failed: All containers in the pod have terminated, and at least one container has
  // terminated in failure. The container either exited with non-zero status or was terminated
  // by the system.
  // Unknown: For some reason the state of the pod could not be obtained, typically due to an
  // error in communicating with the host of the pod.
  //
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
  // +optional
  optional string phase = 1;

  // Current service state of pod.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  repeated PodCondition conditions = 2;

  // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
  // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
  // not be updated even if there is a node is assigned to pod
  // +optional
  optional string hostIP = 5;

  // podIP address allocated to the pod. Routable at least within the cluster.
  // Empty if not yet allocated.
  // +optional
  optional string podIP = 6;

  // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must
  // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list
  // is empty if no IPs have been allocated yet.
  // +optional
  // +patchStrategy=merge
  // +patchMergeKey=ip
  repeated PodIP podIPs = 12;

  // RFC 3339 date and time at which the object was acknowledged by the Kubelet.
  // This is before the Kubelet pulled the container image(s) for the pod.
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Time startTime = 7;

  // The list has one entry per container in the manifest.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
  // +optional
  repeated ContainerStatus containerStatuses = 8;

  // The Quality of Service (QOS) classification assigned to the pod based on resource requirements
  // See PodQOSClass type for available QOS classes
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
  // +optional
  optional string qosClass = 9;
}

message PortStatus {
  // Port is the port number of the service port of which status is recorded here
  optional int32 port = 1;

  // Protocol is the protocol of the service port of which status is recorded here
  // The supported values are: "TCP", "UDP", "SCTP"
  optional string protocol = 2;

  // Error is to record the problem with the service port
  // The format of the error shall comply with the following rules:
  // - built-in error values shall be specified in this file and those shall use
  //   CamelCase names
  // - cloud provider specific error values must have names that comply with the
  //   format foo.example.com/CamelCase.
  // ---
  // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  // +optional
  // +kubebuilder:validation:Required
  // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
  // +kubebuilder:validation:MaxLength=316
  optional string error = 3;
}

// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
message Secret {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;

  // Immutable, if set to true, ensures that data stored in the Secret cannot
  // be updated (only object metadata can be modified).
  // If not set to true, the field can be modified at any time.
  // Defaulted to nil.
  // +optional
  optional bool immutable = 5;

  // Data contains the secret data. Each key must consist of alphanumeric
  // characters, '-', '_' or '.'. The serialized form of the secret data is a
  // base64 encoded string, representing the arbitrary (possibly non-string)
  // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
  // +optional
  map<string, bytes> data = 2;

  // stringData allows specifying non-binary secret data in string form.
  // It is provided as a write-only input field for convenience.
  // All keys and values are merged into the data field on write, overwriting any existing values.
  // The stringData field is never output when reading from the API.
  // +k8s:conversion-gen=false
  // +optional
  map<string, string> stringData = 4;

  // Used to facilitate programmatic handling of secret data.
  // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
  // +optional
  optional string type = 3;
}

// SecretList is a list of Secret.
message SecretList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // Items is a list of secret objects.
  // More info: https://kubernetes.io/docs/concepts/configuration/secret
  repeated Secret items = 2;
}

// Service is a named abstraction of software service (for example, mysql) consisting of local port
// (for example 3306) that the proxy listens on, and the selector that determines which pods
// will answer requests sent through the proxy.
message Service {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the behavior of a service.
  // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional ServiceSpec spec = 2;

  // Most recently observed status of the service.
  // Populated by the system.
  // Read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional ServiceStatus status = 3;
}

// ServiceList holds a list of services.
message ServiceList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.ListMeta metadata = 1;

  // List of services
  repeated Service items = 2;
}

// ServicePort contains information on service's port.
message ServicePort {
  // The name of this port within the service. This must be a DNS_LABEL.
  // All ports within a ServiceSpec must have unique names. When considering
  // the endpoints for a Service, this must match the 'name' field in the
  // EndpointPort.
  // Optional if only one ServicePort is defined on this service.
  // +optional
  optional string name = 1;

  // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
  // Default is TCP.
  // +default="TCP"
  // +optional
  optional string protocol = 2;

  // The port that will be exposed by this service.
  optional int32 port = 3;

  // The port on each node on which this service is exposed when type is
  // NodePort or LoadBalancer.  Usually assigned by the system. If a value is
  // specified, in-range, and not in use it will be used, otherwise the
  // operation will fail.  If not specified, a port will be allocated if this
  // Service requires one.  If this field is specified when creating a
  // Service which does not need it, creation will fail. This field will be
  // wiped when updating a Service to no longer need it (e.g. changing type
  // from NodePort to ClusterIP).
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  // +optional
  optional int32 nodePort = 5;
}

// ServiceSpec describes the attributes that a user creates on a service.
message ServiceSpec {
  // The list of ports that are exposed by this service.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +patchMergeKey=port
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=port
  // +listMapKey=protocol
  repeated ServicePort ports = 1;

  // Route service traffic to pods with label keys and values matching this
  // selector. If empty or not present, the service is assumed to have an
  // external process managing its endpoints, which Kubernetes will not
  // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
  // Ignored if type is ExternalName.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/
  // +optional
  // +mapType=atomic
  map<string, string> selector = 2;

  // clusterIP is the IP address of the service and is usually assigned
  // randomly. If an address is specified manually, is in-range (as per
  // system configuration), and is not in use, it will be allocated to the
  // service; otherwise creation of the service will fail. This field may not
  // be changed through updates unless the type field is also being changed
  // to ExternalName (which requires this field to be blank) or the type
  // field is being changed from ExternalName (in which case this field may
  // optionally be specified, as describe above).  Valid values are "None",
  // empty string (""), or a valid IP address. Setting this to "None" makes a
  // "headless service" (no virtual IP), which is useful when direct endpoint
  // connections are preferred and proxying is not required.  Only applies to
  // types ClusterIP, NodePort, and LoadBalancer. If this field is specified
  // when creating a Service of type ExternalName, creation will fail. This
  // field will be wiped when updating a Service to type ExternalName.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +optional
  optional string clusterIP = 3;

  // ClusterIPs is a list of IP addresses assigned to this service, and are
  // usually assigned randomly.  If an address is specified manually, is
  // in-range (as per system configuration), and is not in use, it will be
  // allocated to the service; otherwise creation of the service will fail.
  // This field may not be changed through updates unless the type field is
  // also being changed to ExternalName (which requires this field to be
  // empty) or the type field is being changed from ExternalName (in which
  // case this field may optionally be specified, as describe above).  Valid
  // values are "None", empty string (""), or a valid IP address.  Setting
  // this to "None" makes a "headless service" (no virtual IP), which is
  // useful when direct endpoint connections are preferred and proxying is
  // not required.  Only applies to types ClusterIP, NodePort, and
  // LoadBalancer. If this field is specified when creating a Service of type
  // ExternalName, creation will fail. This field will be wiped when updating
  // a Service to type ExternalName.  If this field is not specified, it will
  // be initialized from the clusterIP field.  If this field is specified,
  // clients must ensure that clusterIPs[0] and clusterIP have the same
  // value.
  //
  // This field may hold a maximum of two entries (dual-stack IPs, in either order).
  // These IPs must correspond to the values of the ipFamilies field. Both
  // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +listType=atomic
  // +optional
  repeated string clusterIPs = 18;

  // type determines how the Service is exposed. Defaults to ClusterIP. Valid
  // options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
  // "ClusterIP" allocates a cluster-internal IP address for load-balancing
  // to endpoints. Endpoints are determined by the selector or if that is not
  // specified, by manual construction of an Endpoints object or
  // EndpointSlice objects. If clusterIP is "None", no virtual IP is
  // allocated and the endpoints are published as a set of endpoints rather
  // than a virtual IP.
  // "NodePort" builds on ClusterIP and allocates a port on every node which
  // routes to the same endpoints as the clusterIP.
  // "LoadBalancer" builds on NodePort and creates an external load-balancer
  // (if supported in the current cloud) which routes to the same endpoints
  // as the clusterIP.
  // "ExternalName" aliases this service to the specified externalName.
  // Several other fields do not apply to ExternalName services.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
  // +optional
  optional string type = 4;

  // externalIPs is a list of IP addresses for which nodes in the cluster
  // will also accept traffic for this service.  These IPs are not managed by
  // Kubernetes.  The user is responsible for ensuring that traffic arrives
  // at a node with this IP.  A common example is external load-balancers
  // that are not part of the Kubernetes system.
  // +optional
  repeated string externalIPs = 5;

  // Supports "ClientIP" and "None". Used to maintain session affinity.
  // Enable client IP based session affinity.
  // Must be ClientIP or None.
  // Defaults to None.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +optional
  optional string sessionAffinity = 7;

  // Only applies to Service Type: LoadBalancer.
  // This feature depends on whether the underlying cloud-provider supports specifying
  // the loadBalancerIP when a load balancer is created.
  // This field will be ignored if the cloud-provider does not support the feature.
  // Deprecated: This field was under-specified and its meaning varies across implementations.
  // Using it is non-portable and it may not support dual-stack.
  // Users are encouraged to use implementation-specific annotations when available.
  // +optional
  optional string loadBalancerIP = 8;

  // If specified and supported by the platform, this will restrict traffic through the cloud-provider
  // load-balancer will be restricted to the specified client IPs. This field will be ignored if the
  // cloud-provider does not support the feature."
  // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
  // +optional
  repeated string loadBalancerSourceRanges = 9;

  // externalTrafficPolicy describes how nodes distribute service traffic they
  // receive on one of the Service's "externally-facing" addresses (NodePorts,
  // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
  // the service in a way that assumes that external load balancers will take care
  // of balancing the service traffic between nodes, and so each node will deliver
  // traffic only to the node-local endpoints of the service, without masquerading
  // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
  // be dropped.) The default value, "Cluster", uses the standard behavior of
  // routing to all endpoints evenly (possibly modified by topology and other
  // features). Note that traffic sent to an External IP or LoadBalancer IP from
  // within the cluster will always get "Cluster" semantics, but clients sending to
  // a NodePort from within the cluster may need to take traffic policy into account
  // when picking a node.
  // +optional
  optional string externalTrafficPolicy = 11;

  // healthCheckNodePort specifies the healthcheck nodePort for the service.
  // This only applies when type is set to LoadBalancer and
  // externalTrafficPolicy is set to Local. If a value is specified, is
  // in-range, and is not in use, it will be used.  If not specified, a value
  // will be automatically allocated.  External systems (e.g. load-balancers)
  // can use this port to determine if a given node holds endpoints for this
  // service or not.  If this field is specified when creating a Service
  // which does not need it, creation will fail. This field will be wiped
  // when updating a Service to no longer need it (e.g. changing type).
  // This field cannot be updated once set.
  // +optional
  optional int32 healthCheckNodePort = 12;

  // sessionAffinityConfig contains the configurations of session affinity.
  // +optional
  optional SessionAffinityConfig sessionAffinityConfig = 14;

  // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
  // service. This field is usually assigned automatically based on cluster
  // configuration and the ipFamilyPolicy field. If this field is specified
  // manually, the requested family is available in the cluster,
  // and ipFamilyPolicy allows it, it will be used; otherwise creation of
  // the service will fail. This field is conditionally mutable: it allows
  // for adding or removing a secondary IP family, but it does not allow
  // changing the primary IP family of the Service. Valid values are "IPv4"
  // and "IPv6".  This field only applies to Services of types ClusterIP,
  // NodePort, and LoadBalancer, and does apply to "headless" services.
  // This field will be wiped when updating a Service to type ExternalName.
  //
  // This field may hold a maximum of two entries (dual-stack families, in
  // either order).  These families must correspond to the values of the
  // clusterIPs field, if specified. Both clusterIPs and ipFamilies are
  // governed by the ipFamilyPolicy field.
  // +listType=atomic
  // +optional
  repeated string ipFamilies = 19;

  // IPFamilyPolicy represents the dual-stack-ness requested or required by
  // this Service. If there is no value provided, then this field will be set
  // to SingleStack. Services can be "SingleStack" (a single IP family),
  // "PreferDualStack" (two IP families on dual-stack configured clusters or
  // a single IP family on single-stack clusters), or "RequireDualStack"
  // (two IP families on dual-stack configured clusters, otherwise fail). The
  // ipFamilies and clusterIPs fields depend on the value of this field. This
  // field will be wiped when updating a service to type ExternalName.
  // +optional
  optional string ipFamilyPolicy = 17;

  // loadBalancerClass is the class of the load balancer implementation this Service belongs to.
  // If specified, the value of this field must be a label-style identifier, with an optional prefix,
  // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
  // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
  // balancer implementation is used, today this is typically done through the cloud provider integration,
  // but should apply for any default implementation. If set, it is assumed that a load balancer
  // implementation is watching for Services with a matching class. Any default load balancer
  // implementation (e.g. cloud providers) should ignore Services that set this field.
  // This field can only be set when creating or updating a Service to type 'LoadBalancer'.
  // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
  // +optional
  optional string loadBalancerClass = 21;

  // InternalTrafficPolicy describes how nodes distribute service traffic they
  // receive on the ClusterIP. If set to "Local", the proxy will assume that pods
  // only want to talk to endpoints of the service on the same node as the pod,
  // dropping the traffic if there are no local endpoints. The default value,
  // "Cluster", uses the standard behavior of routing to all endpoints evenly
  // (possibly modified by topology and other features).
  // +optional
  optional string internalTrafficPolicy = 22;
}

// ServiceStatus represents the current status of a service.
message ServiceStatus {
  // LoadBalancer contains the current status of the load-balancer,
  // if one is present.
  // +optional
  optional LoadBalancerStatus loadBalancer = 1;

  // Current service state
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Condition conditions = 2;
}

// SessionAffinityConfig represents the configurations of session affinity.
message SessionAffinityConfig {
  // clientIP contains the configurations of Client IP based session affinity.
  // +optional
  optional ClientIPConfig clientIP = 1;
}

// The node this Taint is attached to has the "effect" on
// any pod that does not tolerate the Taint.
message Taint {
  // Required. The taint key to be applied to a node.
  optional string key = 1;

  // The taint value corresponding to the taint key.
  // +optional
  optional string value = 2;

  // Required. The effect of the taint on pods
  // that do not tolerate the taint.
  // Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
  optional string effect = 3;

  // TimeAdded represents the time at which the taint was added.
  // It is only written for NoExecute taints.
  // +optional
  optional github.com.cilium.cilium.pkg.k8s.slim.k8s.apis.meta.v1.Time timeAdded = 4;
}

// TypedLocalObjectReference contains enough information to let you locate the
// typed referenced object inside the same namespace.
// +structType=atomic
message TypedLocalObjectReference {
  // APIGroup is the group for the resource being referenced.
  // If APIGroup is not specified, the specified Kind must be in the core API group.
  // For any other third-party types, APIGroup is required.
  // +optional
  optional string apiGroup = 1;

  // Kind is the type of resource being referenced
  optional string kind = 2;

  // Name is the name of resource being referenced
  optional string name = 3;
}

// VolumeMount describes a mounting of a Volume within a container.
message VolumeMount {
  // Path within the container at which the volume should be mounted.  Must
  // not contain ':'.
  optional string mountPath = 3;
}

